[[pacman|Install]] {{Pkg|squid}}, previously available in the [[Official Repositories]] but moved to [http://aur.archlinux.org/packages.php?ID=62362 AUR - squid] after someone reported a minor bug in the cron file. A filed [https://bugs.archlinux.org/task/31386 bugreport] was closed with the comment "Look in the [[AUR]]".

+

[[pacman|Install]] {{Pkg|squid}}, previously available in the [[Official Repositories]] but moved to [https://aur.archlinux.org/packages.php?ID=62362 AUR - squid] after someone reported a minor bug in the cron file. A filed [https://bugs.archlinux.org/task/31386 bugreport] was closed with the comment "Look in the [[AUR]]".

For how to build and install packages, please read [[AUR#Installing_packages]].

For how to build and install packages, please read [[AUR#Installing_packages]].
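Review bot: the added line still marks squid with {{Pkg|squid}} and labels the link [[pacman|Install]]. Both point readers at the official repositories, while the same sentence says the package has moved to the AUR. Use the wiki's AUR package template in place of the raw packages.php?ID=62362 URL. Consider dropping the bug-report anecdote as well, since it does not help anyone install the package.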

Line 110:

Line 110:

Follow [[ClamAV|this link]] to install ClamAV on your system.

Follow [[ClamAV|this link]] to install ClamAV on your system.

−

Once ClamAV is installed, install HAVP from AUR. Details on installing an AUR package can be found [http://wiki.archlinux.org/index.php/AUR_User_Guidelines#Installing_Packages_from_the_AUR here], and the HAVP package can be found [https://aur.archlinux.org/packages.php?ID=10417 here].

+

Once ClamAV is installed, install HAVP from AUR. Details on installing an AUR package can be found [[AUR_User_Guidelines#Installing_Packages_from_the_AUR|here]], and the HAVP package can be found [https://aur.archlinux.org/packages.php?ID=10417 here].

=== Configuration ===

=== Configuration ===
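Review bot: in the added line both links are still labelled "here", so a reader cannot tell from the text which one leads to the install guidelines and which to the HAVP package. Put the target names in the link text, and reference the HAVP package through the AUR package template rather than the raw packages.php?ID=10417 URL, as was done for the guidelines link in this same change.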

Line 176:

Line 176:

== HTTP Authentication ==

== HTTP Authentication ==

−

Squid can be configured to require a user and password in order to use it. We will use [http://en.wikipedia.org/wiki/Digest_access_authentication digest http auth]

+

Squid can be configured to require a user and password in order to use it. We will use [[wikipedia:Digest_access_authentication|digest http auth]]

First create a users file with {{Ic|htdigest -c /etc/squid/users MyRealm username}}. Enter a password when prompted.

First create a users file with {{Ic|htdigest -c /etc/squid/users MyRealm username}}. Enter a password when prompted.
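Review bot: the added sentence ending in [[wikipedia:Digest_access_authentication|digest http auth]] has no full stop and reads as if it continues into the next paragraph. Terminate it and write the link text as "HTTP digest authentication". While this section is being touched, the unchanged htdigest line below it should mention that -c creates the users file and replaces an existing one, so further users are added without -c.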

Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. It reduces bandwidth and improves response times by caching and reusing frequently-requested web pages. Squid has extensive access controls and makes a great server accelerator. It runs on Unix and Windows and is licensed under the GNU GPL.

While Squid works wonderfully in large corporations and schools, it can also benefit the home user. However, if you're looking for a more lightweight single-user proxy, you should try Polipo.

Configuration

By default, the cache directories will be created in /var/cache/squid, and the appropriate permissions set up for those directories. However, for greater control, we need to delve into /etc/squid/squid.conf.

Everything is well commented, but if you want to strip the comments out you should run:

sed -i "/^#/d;/^ *$/d" /etc/squid/squid.conf

The following options might be of some use to you. If you do not have the option present in your configuration file, add it!

http_port - Sets the port that Squid binds to on your local machine. You can have Squid bind to multiple ports by specifying multiple http_port lines. By default, Squid binds to port 3128.

http_port 3128
http_port 3129

http_access - This is an access control list for who is allowed to use the proxy. By default only localhost is allowed to access the proxy. For testing purposes, you may want to change the option http_access deny all to http_access allow all, which will allow anyone who can reach the port to use your proxy, so change it back once testing is done. If you want to allow access only to your subnet, you can do:
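As an added example (not part of the original page or the Squid project), the shell function below reads the http_access rules of a squid.conf in order and reports whether the proxy ends up open to any client, which is the effect of the testing change to http_access allow all. The sample configurations, the 192.168.1.0/24 subnet and the function name check_http_access are constructed for illustration; the check only looks at rules whose sole ACL is all and does not follow include files.

```shell
#!/bin/sh
# Added example (not from the wiki page): report whether a squid.conf leaves
# the proxy open. http_access rules are checked top to bottom, first match wins.

# check_http_access FILE: prints a verdict; returns 1 if open, 0 if closed.
check_http_access() {
    awk '
        NF == 0 || $1 ~ /^#/   { next }          # blank line or comment
        $1 != "http_access"    { next }
        {
            last = $2                             # action of the latest rule
            if (NF == 3 && $3 == "all") {         # unconditional catch-all
                verdict = ($2 == "allow") ? "open" : "closed"
                why = "line " NR ": " $1 " " $2 " " $3
                exit                              # later rules are unreachable
            }
        }
        END {
            if (verdict == "") {                  # no catch-all rule found
                # Squid then defaults to the opposite of the last rule,
                # and to deny when there are no http_access rules at all.
                verdict = (last == "deny") ? "open" : "closed"
                why = (last == "") ? "no http_access rules" : "implicit default after last " last
            }
            print verdict " (" why ")"
            exit (verdict == "open")
        }
    ' "$1"
}

# Constructed sample configurations (192.168.1.0/24 is an assumed subnet).
sample_dir=$(mktemp -d)
printf '%s\n' '# testing setup from the text' \
    'http_access allow localhost' \
    'http_access allow all' > "$sample_dir/open.conf"
printf '%s\n' 'acl localnet src 192.168.1.0/24' \
    'http_access allow localnet' \
    'http_access deny all' > "$sample_dir/subnet.conf"
printf '%s\n' 'acl badsite dstdomain .example.com' \
    'http_access deny badsite' > "$sample_dir/implicit.conf"

for f in open subnet implicit; do
    printf '%-9s ' "$f:"
    check_http_access "$sample_dir/$f.conf" || true
done
```

The third sample shows the less obvious case: a rule list that ends in a deny with no catch-all falls through to an implicit allow.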

shutdown_lifetime - Specifies how long Squid should wait when its rc.d script is asked to stop. If you're running squid on your desktop PC, you may want to set this to something short.

shutdown_lifetime 10 seconds

cache_mem - This is how much memory you want Squid to use to keep objects in memory rather than writing them to disk. Squid's total memory usage will exceed this! By default this is 8 MB, so you might want to increase it if you have lots of RAM available.

cache_mem 64 MB

visible_hostname - The hostname that will be shown in status and error messages.

visible_hostname cerberus

cache_peer - If you want your Squid to go through another proxy server, rather than directly out to the Internet, you need to specify it here.

login - Use this option if the parent proxy requires authentication.

never_direct - Tells the cache to never go direct to the internet to retrieve a page. You will want this if you have set the option above.

maximum_object_size - The largest size of a cached object. By default this is small (256 KB, I think), so if you have a lot of disk space you will want to increase it to something reasonable.

maximum_object_size 10 MB

cache_dir - This is your cache directory, where all the cached files are stored. There are many options here, but the format should generally go like:

cache_dir diskd <directory> <size in MB> 16 256

So, in the case of a school's internet proxy:

cache_dir diskd /cache0 200000 16 256

If you change the cache directory from the default, you must set the correct permissions on the new directory before starting Squid; otherwise it won't be able to create its cache directories and will fail to start.

Starting

Once you have finished your configuration, you should check that your configuration file is correct:

Make sure your port in your /etc/havp/havp.config matches the cache_peer port in /etc/squid/squid.conf.

Testing

Restart Squid and start HAVP:

/etc/rc.d/squid restart
/etc/rc.d/havp start

Don't forget to add HAVP to your rc.conf if you want it to launch on boot:

DAEMONS=([...] squid havp [...])

You can try the antivirus capabilities with a test virus (not a real virus) available here.

Transparent web proxy

Transparency happens by redirecting all WWW requests that eth0 picks up to Squid. You need to tell Squid that it is running as a transparent web proxy by adding the intercept parameter (for Squid 3.2) to the http_port option: